[dns-operations] "Poorly configured DNSSEC servers at root of DDoS attacks"

Daniel Kalchev daniel at digsys.bg
Fri Sep 2 12:55:26 UTC 2016

> On 2.09.2016 г., at 15:38, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> On Fri, Sep 02, 2016 at 01:33:08PM +0100,
> Tony Finch <dot at dotat.at> wrote 
> a message of 33 lines which said:
>> Dropping responses is likely to cause problems with legitimate ANY
>> queries.
> And it may help poisoning attacks (the spoofer no longer has a race
> with the real server).

Which is why people go to the trouble of deploying DNSSEC.


More information about the dns-operations mailing list